Hello Together Please i have new following Error, from DMARC Report, if i check my domain on example mxtoolbox i dont see any problems. Any from you know this Eror report, what i need to do to fix this issue? C:\folder>nslookup 94.237.32.243 Server: dns204.data.ch Address: 211.232.23.124 Name: wursti.dovecot.fi Address: 94.237.32.243 -- I check also dkim and spif but i don't see the mistake, i dont want that me Mailserver become seriussly mail problems. Regards Mauri <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> <org_name></org_name> <email>mreport at vmfacility.fr</email> <report_id>caloro.ch:1503564302</report_id> <date_range> <begin>1503477902</begin> <end>1503564302</end> </date_range> </report_metadata> <policy_published> <domain>caloro.ch</domain> <adkim>s</adkim> <aspf>s</aspf> <p>none</p> <sp>none</sp> <pct>100</pct> </policy_published> <record> <row> <source_ip>94.237.32.243</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>caloro.ch</header_from> </identifiers> <auth_results> <spf> <domain>dovecot.org</domain> <result>unknown</result> </spf> <dkim> <domain>caloro.ch</domain> <result>pass</result> </dkim> </auth_results> </record> </feedback>
Maurizio Caloro:> Please i have new following Error, from DMARC Report, if i check my domain > on example mxtoolbox i dont see any problems. > > Any from you know this Eror report, what i need to do to fix this issue?I guess, the reports are about messages you sent to the list: https://dovecot.org/pipermail/dovecot/2017-August/109097.html are you *really* sure you signed the messages well? Why do they contain two Signatures? It may happen the signature is invalid just after signing. Assuming your messages where signed correct, compare the header field you signed ("From:To:Subject:Date:From") with the version you received back from the listserver. On the other side, there is a quiet good chance the listserver deleted an html part you sent. ( X-Content-Filtered-By: Mailman/MimeDel 2.1.15 ) so, send plain text... next: mailman 2.1.15 is 5 years old. These versions are known to be not very supportive regarding DMARC because DMARC just was invented ~2012. If resources are available @dovecot, the operator may update to a newer version. Currently 2.1.24 is the latest release. In any case, your DMARC policy p=none prevent further damage. p=none is the the friendly choice for domains sending to lists these days. Andreas
Le 8/24/2017 ? 3:47 PM, A. Schulze a ?crit?:> > Maurizio Caloro: > >> Please i have new following Error, from DMARC Report, if i check my >> domain >> on example mxtoolbox i dont see any problems. >> >> Any from you know this Eror report, what i need to do to fix this issue? > > I guess, the reports are about messages you sent to the list: > https://dovecot.org/pipermail/dovecot/2017-August/109097.html >As I explained to Maurizio (off list), he received an aggregate report.. (Actually from one of my mail servers) in the sample he sent... It's an aggregate report, so even if everything was succesful, I (or rather opendmarc-reports since I'm using opendmarc) would still send a report ! So receiving a DMARC aggregate report isn't an indication of a problem ! Any SPF error in the report would be normal when received from a mailing list, but I think DMARC passes if either SPF or DKIM pass (you don't need both). Note this is a bit OT, since dovecot has nothing to do with SPF, DKIM, DMARC or any of the postfix/sendmail MILTERs. --Ivan -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3970 bytes Desc: Signature cryptographique S/MIME URL: <http://dovecot.org/pipermail/dovecot/attachments/20170824/4490002e/attachment.p7s>
In the same vein, I am receiving forensic DMARC reports from mx01.nausch.org. Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report. It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass... Here is what I am getting : This is an authentication failure report for an email message received from IP 163.172.81.229 on Thu, 24 Aug 2017 19:45:10 +0200 (CEST). Feedback-Type: auth-failure Version: 1 User-Agent: OpenDMARC-Filter/1.3.2 Auth-Failure: dmarc Authentication-Results: mx01.nausch.org; dmarc=fail header.from=vmfacility.fr Original-Envelope-Id: 7AA88C00088 Original-Mail-From:mreport at vmfacility.fr Source-IP: 163.172.81.229 (db04.ivansoftware.com) Reported-Domain: vmfacility.fr Authentication-Results: mx1.nausch.org; dkim=pass (2048-bit key) header.d=vmfacility.frheader.i=@vmfacility.fr header.b="oHXeoWbW" Authentication-Results: mx1.nausch.org; spf=pass smtp.mailfrom=<mreport at vmfacility.fr> smtp.helo=db04.ivansoftware.com Received: from db04 (localhost [127.0.0.1]) by db04.ivansoftware.com (Postfix) with ESMTP id A0447BE0870 for<dmarc-reports at nausch.org>; Thu, 24 Aug 2017 19:45:02 +0200 (CEST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.99.2 at db04 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vmfacility.fr; s=mail; t=1503596702; bh=NWT2THShdUTG/xaKKp+wC6e3AahFUjoRkNEGJfERGdM=; h=To:From:Subject:Date:From; b=oHXeoWbWTTYlWh0orXRIZS6kuMaJmLzui2oTkSS8BCcYQ8x7F0QbDZfSrhQJpt3gv 0GOXiR1sgDgkXBOrd6Lms/ePsg33bCmmMgQdjPF62pACE7OlqVWxg6GYfsbFYUbBxC 902xtjJo2TnEyDCYAyJP0/VPwQ+lLMNlMzjKSCtMFYoc8i+V7pOLsQizgfr2dvoMA5 +RQ/ZkWoV42QrxxVzYN6beuQAdX3q5cB6N6XI9zHUw0cRB5scHc+M/3TH7XwTKmozm p1tAUzyLwhcYslktM348QA3hTMmvuH9Uo2th4wR3UdlkIX9WDjFWRw8JCbK9RUqmKu LePx9Q8z3nALg=To:dmarc-reports at nausch.org From:mreport at vmfacility.fr Subject: Report Domain: nausch.org Submitter: Report-ID: nausch.org-1503596702@ X-Mailer: opendmarc-reports v1.3.2 Date: Thu, 24 Aug 2017 19:45:02 +0200 (CEST) Message-ID: <nausch.org-1503596702@> Auto-Submitted: auto-generated MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="report_section" ************************ Note that the first part says authentication failed, but the second part (which is the mail headers for a legit DMARC aggregate report sent to the published DMARC rua for nausch.org) passes all the tests - both DKIM and SPF. I am also getting forensic reports from this MTA when posting to the list. So my guess is someone at nausch.org on this mailing list might have a misbehaving DMARC responder/filter. Note also that this is the only domain/MX I have had so far that responds in that way (that is - one that sends me a failed DMARC forensic report for a message I *KNOW* I sent - validated and through my SPF validated and with headers which are properly DKIM signed). --Ivan -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3970 bytes Desc: Signature cryptographique S/MIME URL: <http://dovecot.org/pipermail/dovecot/attachments/20170824/fc873907/attachment-0001.p7s>